Quick Start Guide for Installing OpenText™ Identity Manager CE 24.4 (v4.10)
This document provides guidelines to help you quickly understand the OpenText Identity Manager CE 24.4 (v4.10) installation process.
Before beginning, you must understand how different components are integrated into OpenText Identity Manager.
For more information, see How OpenText Identity Manager Works in the OpenText™ Identity Manager CE 24.4 (v4.10) Overview and Planning Guide.
3.0 Installing and Configuring OpenText Identity Manager
You can install OpenText Identity Manager components on the same server or on multiple servers depending on your deployment strategy. Before you start installation, evaluate how you want to implement OpenText Identity Manager.
3.1 Components Installed
OpenText Identity Manager installation programs for Linux and Windows use different approaches for installing the components. The installer for Linux provides options to install a group of components together. However, the installer for Windows provides an option to install the components independently. You must review the following details to understand the installation pattern for your platform:
-
Linux: The installer obfuscates several underlying components and supporting software required by the OpenText Identity Manager components to run. For more information, see Understanding Linux Installables.
-
Windows: The installer allows you to separately install the individual components. For more information, see Understanding Windows Installables.
Understanding Linux Installables
The installation program provides concise interactive and silent methods for installing and configuring the following OpenText Identity Manager components on Linux:
-
OpenText Identity Manager Engine: Installs Identity Vault, Identity Manager engine, and Identity Manager drivers. The installation process also installs Azul Java Runtime Environment (JRE).
-
OpenText Identity Manager Remote Loader Service: Installs the Remote Loader service and the driver instances in the Remote Loader. Using the Remote Loader, you can run OpenText Identity Manager drivers on connected systems that do not host Identity Vault and OpenText Identity Manager engine.
-
OpenText Identity Manager Fanout Agent: Installs the Fanout agent for the JDBC Fanout driver. The JDBC Fanout driver uses the Fanout agent to create multiple JDBC Fanout driver instances. The Fanout agent loads the JDBC driver instances based on the configuration of the connection objects in the Fanout driver. For more information, see NetIQ Identity Manager Driver for JDBC Fanout Implementation Guide.
-
Identity Applications: Installs several components that provide the underlying framework for the following Identity Applications:
-
OpenText Identity Manager Dashboard
-
User Application
-
Role and Resource Service driver (RRSD)
-
User Application driver (UAD)
-
One Single Sign-On Provider (OSP)
-
Password Management component (SSPR)
-
PostgreSQL
-
PostgreSQL JDBC driver
-
Tomcat application server
This component is only available for Advanced Edition.
-
-
Identity Reporting: Installs several components that provide the underlying framework for the following Identity Reporting modules:
-
Identity Reporting
-
Managed System Gateway driver (MSGW)
-
Data Collection Service driver (DCS)
-
OSP
-
Tomcat application server
-
The guided installation (GUI) method for these components is not supported.
The installer includes two separate phases for installing and configuring these components. The installer also provides default values for the common settings. However, you can customize the settings to meet your requirements. Depending on the OpenText Identity Manager Edition selected during installation, different components will be installed.
Install the following components separately from the ISO file as the installer does not include these:
-
Designer for OpenText Identity Manager
-
Analyzer for OpenText Identity Manager
-
Sentinel Log Management for Identity Governance and Administration
Designer for OpenText Identity Manager and Analyzer for OpenText Identity Manager are also available in separate installation packages. For more information, see Installing Designer and Installing Analyzer in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux. For information about installing Sentinel Log Management for IGA, see Installing Sentinel Log Management for Identity Governance and Administration in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux.
Understanding Windows Installables
The installation program separately installs the following OpenText Identity Manager components on Windows:
-
Identity Vault (OpenText eDirectory)
-
OpenText Identity Manager Engine
-
Designer (install on a client computer)
-
Analyzer (required only for analyzing, cleaning, and preparing an organization’s data for synchronization)
-
Remote Loader
-
Fanout Agent
-
Tomcat (supported application server)
-
Single Sign-on Provider (OSP)
-
Password Management component (SSPR)
-
Identity Applications
-
Identity Reporting
After completing the installation, configure the settings to meet your requirements. For more information, see OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Windows.
3.2 Installation Order
The installation programs vary for Linux and Windows operating systems. Before starting the installation, see Understanding Linux Installables and Understanding Windows Installables.
You must install the components in the following sequence on Linux and Windows:
-
Sentinel Log Management for Identity Governance and Administration
-
OpenText Identity Manager Engine components
-
Identity Applications components (not required for Standard Edition)
-
Identity Reporting components
-
OpenText Identity Console
-
Designer
-
Analyzer
3.3 Installation Procedure
You can install and configure OpenText Identity Manager in multiple ways to utilize its features. The following scenarios provide an overview of the flexibility built into OpenText Identity Manager. Use them to design a deployment strategy that fits your requirements. Verify that your server meets the system requirements for each component you plan to install. For more information, see OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux or OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Windows.
IMPORTANT:These deployment scenarios are examples to help you install OpenText Identity Manager. You can use these examples for reference. These examples do not reflect best practices or recommended configuration for a production environment. You must reach out to a OpenText Consulting Services or a OpenText Partner Services professional to help you design the OpenText Identity Manager system that is suitable for your environment.
Basic Setup
The most basic deployment option is an all-in-one system that contains all OpenText Identity Manager components on a single server.
The all-in-one deployment is suitable only for installing Identity Management Proof-of-Concept (POC). This setup may cause performance issues in production environments. You can install all components on one Linux or Windows computer except Sentinel Log Management for Identity Governance and Administration component, which can be installed only on Linux computers. You can perform this installation by running the installation files from the OpenText Identity Manager installation package for your operating system.
To provide scalability to different components, you can extend a basic setup to accommodate the requirements of a production environment where services are distributed across multiple servers. This type of installation allows you to install OpenText Identity Manager components separately or customize the settings.
In a simple approach, you can dedicate one server to the OpenText Identity Manager engine and OpenText Identity Console, and a second server to the identity applications and its supporting components, as well the reporting service. You can add another server for running the Sentinel Log Management for IGA component and Remote Loader.
Perform the following steps to install OpenText Identity Manager in this setup:
-
Install Sentinel Log Management for IGA on Server 4. This server must be a Linux computer.
You can generate the required audit reports by using Sentinel Log Management for IGA.
-
Install the OpenText Identity Manager engine and OpenText Identity Console on Server 1.
Open the ports required for OpenText Identity Vault to communicate with OpenText Identity Manager components. For example, 389, 524, 636, 8028, and 8030. For more information about the ports used by OpenText Identity Manager, see “Understanding OpenText Identity Manager Communication” in the OpenText™ Identity Manager CE 24.4 (v4.10) Security Guide.
-
Install and deploy the following components on Server 2.
-
Identity Applications
On Linux, the installer performs the following tasks:
-
Installs the authentication service to support single sign-on access to Identity Applications.
-
Installs a password management service that helps you configure OpenText Identity Manager to allow users to reset their passwords.
-
Deploys the User Application driver and the Role and Resource Service driver.
On Windows, you must manually perform the above tasks.
Open the ports required by Identity Applications, For example: 5432, 8005, 8009, 8080, 8109, 8180, 8443, 8543, and 45654. For more information about these ports, see “Installing OpenText Identity Manager” in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux or Installing and Configuring OpenText Identity Manager Components in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Windows.
-
-
Identity Reporting
Identity Reporting connects to Sentinel Log Management for IGA that was earlier installed on a different server. Open the ports required for Identity Reporting to communicate with OpenText Identity Manager components. For example, 435 and 15432. For more information about the ports used by OpenText Identity Manager, see “Understanding OpenText Identity Manager Communication” in the OpenText™ Identity Manager CE 24.4 (v4.10) Security Guide.
-
-
Install Remote Loader on Server 3.
Open port 8090 used by Remote Loader.
High Availability Configuration with Fault Tolerance
High availability ensures efficient manageability of critical network resources including data, applications, and services. You can install the following components in a high-availability environment:
-
Identity Vault
-
OpenText Identity Manager engine
-
Remote Loader
-
Identity Applications, except Identity Reporting
When you run Identity Vault in a clustered environment, the OpenText Identity Manager engine is also clustered. In this configuration, only one node is active at any point in time. If the active node fails, the service fails over to another node in the cluster.
You can cluster identity applications and authentication service to support single sign-on access (OSP on Windows) and configure these components for fault tolerance. The load balancer is typically part of the cluster. It understands the cluster configuration as well as failover policies. In this configuration, only one node in the cluster is active at any point of time, with the remaining nodes in passive or standby mode. When the active node fails, the load balancer diverts requests to the passive node.
You must ensure that session stickiness is enabled for the cluster created in the load balancer software for the identity applications nodes.
Perform the following steps to install OpenText Identity Manager in this setup on Linux:
-
Install Identity Vault on Server 1 and Server 2 with shared storage. State data for Identity Vault is located on the shared storage so that it is available to the cluster node that is currently running the Identity Vault. This data includes OpenText eDirectory DIB, NICI (NetIQ International Cryptographic Infrastructure) data, OpenText eDirectory configuration, and log data. For more information, see “Sample OpenText Identity Manager Cluster Deployment Solution” in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux.
-
Install Sentinel Log Management for IGA on Server 12.
You can generate the required audit reports by using Sentinel Log Management for IGA.
-
Install the OpenText Identity Manager engine on Server 1 and Server 2.
Open the ports required for Identity Vault to communicate with OpenText Identity Manager components: 389, 524, 636, 8028, and 8030. For more information about the ports used by OpenText Identity Manager, see “Understanding OpenText Identity Manager Communication” in the OpenText™ Identity Manager CE 24.4 (v4.10) Security Guide.
-
Install all databases on Server 11.
These databases are connected to the identity applications servers.
-
Install and deploy identity applications on Server 3 and Server 4.
Both Server 3 and Server 4 combine to form a two-server cluster.
For more information, see Sample OpenText Identity Manager Cluster Deployment Solution in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Linux.
-
Install Remote Loader on Server 6 and Server 7.
The OpenText Identity Manager engine installation program includes the installation files for Remote Loader.
-
Open port 8090 that is used by Remote Loader.
-
Install password management service on Server 8.
The identity applications installer contains the installation files for password management service that helps you configure OpenText Identity Manager to allow users to reset their passwords.
-
Install and deploy Identity Reporting on Server 9.
Open the ports required for Identity Reporting to communicate with OpenText Identity Manager components: 435 and 15432. For more information about the ports used by OpenText Identity Manager, see “Understanding OpenText Identity Manager Communication” in the OpenText™ Identity Manager CE 24.4 (v4.10) Security Guide.
-
Deploy the load balancer on Server 10. This is required to balance the load between the Identity Applications servers.
Perform the following steps to install OpenText Identity Manager in this setup on Windows:
-
Install Identity Vault on Server 1 and Server 2 with shared storage. State data for Identity Vault is located on the shared storage so that it is available to the cluster node that is currently running the Identity Vault. This data includes OpenText eDirectory DIB, NICI (NetIQ International Cryptographic Infrastructure) data, OpenText eDirectory configuration, and log data. For more information, see Sample Identity Manager Cluster Deployment Solution on Windows in the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Windows.
-
Install Sentinel Log Management for IGA on Server 12.
You can generate the required audit reports by using Sentinel Log Management for IGA.
-
Install the OpenText Identity Manager engine on both Identity Vaults.
-
Install all databases on Server 11.
These databases are connected to the identity applications servers.
-
Install and deploy identity applications on Server 3 and Server 4.
Both Server 3 and Server 4 combine to form a two-server cluster.
For more information, see Sample Identity Applications Cluster Deployment Solutionin the OpenText™ Identity Manager CE 24.4 (v4.10) Install and Upgrade Guide for Windows.
-
Install Remote Loader on Server 6 and Server 7.
Open port 8090 that is used by Remote Loader.
-
Install OSP on Server 3 and Server 4.
Both Server 3 and Server 4 combine to form a two-server cluster.
-
Install SSPR on Server 8.
-
Install and deploy Identity Reporting on Server 9.
-
Deploy the load balancer on Server 10. This is required to balance the load between the Identity Applications servers.
Deploying OpenText Identity Manager on Public Cloud
You can deploy OpenText Identity Manager in public cloud on Amazon Web Services (AWS) EC2 or Microsoft Azure. OpenText Identity Manager components can be deployed on a private or a public network based on your requirement. However, the deployment procedure is the same for all scenarios.
-
Use AWS EC2 to deploy OpenText Identity Manager components on Linux platform.
-
Use Microsoft Azure to deploy OpenText Identity Manager components on Windows platform.
OpenText provides the flexibility of deploying OpenText Identity Manager on on-premises and cloud environments. After determining the cloud provider that suits your environment, ensure that you review the recommended configuration details before beginning the deployment.